The Pentagon is planning to issue a final rule in December establishing a regime for Defense Department acquisition officials to conduct assessments of a contractor's compliance with NIST Special Publication 800-171.
Tuesday, July 5, 2022
Tuesday, July 5, 2022
The Pentagon is planning to issue a final rule in December establishing a regime for Defense Department acquisition officials to conduct assessments of a contractor's compliance with NIST Special Publication 800-171.
Pentagon cyber chief David McKeown says there are ongoing discussions to create a "cyber secure framework" for the defense industrial base that will go beyond the CMMC program and be based on the NIST cybersecurity framework.
The Pentagon's acquisition office has issued a memorandum reminding acquisition officials of the Defense Department's current standard for the handling of controlled unclassified information and potential remedies for non-compliance.
The House Armed Services Committee has approved its version of the fiscal 2023 defense authorization bill, including provisions to create an “information collaboration environment” at CISA and directing DHS and CISA to provide details to Congress on cyber incident response responsibilities.
The House Armed Services Committee is set to mark up an annual defense policy bill that includes creation of the "Cyber Threat Information Collaboration Environment Program," a reworked version of a Cyberspace Solarium Commission proposal viewed as an important component for government-industry interaction.
The House Armed Services Committee will take the first steps today in considering cyber proposals for the fiscal year 2023 defense authorization bill, including requiring a congressional briefing from Pentagon officials on their cyber certification program and Software Bill of Materials efforts.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program announced a rebrand and new website today, aiming to align with the organization's future and offering new opportunities to bring CMMC to civilian agencies and international entities.
The Defense Department and the Cybersecurity and Infrastructure Security Agency have published a process guide to help agencies evaluate security when it comes to acquiring fifth-generation telecom technology, using the NIST risk management framework.
The Defense Department faces a calculated risk in terms of starting up third-party assessments under the Cybersecurity Maturity Model Certification program for early adopters, according to contracting attorney Robert Metzger, who sees ongoing work to finalize changes to the Pentagon's acquisition rules as one barrier for the delayed interim launch.
The Defense Department is accelerating by two months its plans to implement changes to the Cybersecurity Maturity Model Certification program, with the release of two interim final rules now expected in March 2023 and requirements to start showing up in contracts 60 days after the rules are published under a three-year rollout plan.
The National Institute of Standards and Technology this year will issue a "pre-call" for public comments on updates to four publications concerning the security of controlled unclassified information.
The Pentagon's interest in enabling companies to reach Cybersecurity Maturity Model Certification compliance through FedRAMP-approved cloud offerings is generating conversations within Microsoft and managed service providers on how such an offering could work in practice.
Cybersecurity Maturity Model Certification assessment organizations are waiting on several details to fall into place so they can start conducting official assessments for companies that want to compete for defense contracts, but stakeholders say uncertainty over rulemaking timing is not impacting demand from companies wanting to be early adopters.
Cybersecurity Maturity Model Certification Accreditation Body CEO Matthew Travis says he expects the Defense Department in early August to allow official third-party assessments under the voluntary cybersecurity certification program, kicking off the start of an interim period where company certifications will be accepted when the CMMC requirements start showing up in contracts next year.
The Defense Department is moving aggressively to implement zero-trust architectures across the services and agencies by the end of 2027, according to Pentagon cyber chief David McKeown, who says the move has been accelerated by President Biden's cyber executive order.
The Defense Department is in the early stages of determining whether it can work with industry partners to develop cloud service offerings that can help contractors meet Cybersecurity Maturity Model Certification requirements, according to Pentagon cyber chief David McKeown.
Two rulemakings to implement the Pentagon's Cybersecurity Maturity Model Certification program are expected in May 2023, according to CMMC Director Stacy Bostjanick, who says they could be followed by an additional rule to establish how reciprocity will work with international partners.
The National Institute of Standards and Technology has added two new data formats intended to improve the usability of four publications that are foundational to the Pentagon's cyber certification program.
The Pentagon will start the formal process in July to make regulatory changes to its Cybersecurity Maturity Model Certification program with the submission of a new rulemaking to the White House Office of Management and Budget for review, according to a Pentagon spokesman.
The use of waivers for the Pentagon’s Cybersecurity Maturity Model Certification program will be determined based on the needs of acquisition officials for specific contracts, not the qualifications of a company bidding for contract selection, according to CMMC director Stacy Bostjanick.